Admin Panel — Basics
What it is
An internal, Datawake-staff-only surface at app.givelink.ai/admin for
support work: look up users and orgs, view state, read audit trails.
It is an ergonomic wrapper over data that staff can already query in Neon,
not a security boundary. Everything logs to admin_audit_log.
Who has access
Users with users.is_super_admin = true. The SUPER_ADMIN_EMAILS env var
auto-promotes on Clerk user.created / user.updated. Non-admins get a
404 (not 403) on /admin — the route is treated as non-existent.
Removing an email from the env var does NOT revoke access. To revoke:
Spec C's in-UI toggle, or a manual UPDATE users SET is_super_admin = false.
Bootstrap mechanics
One-time promotion, gated on super_admin_bootstrapped_at IS NULL. Once
set, webhook replays don't re-promote. That means a manual demote sticks
across the next webhook fire.
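The gate and the revocation rule above, modeled in TypeScript. This is an added example, not Givelink's webhook handler: the column names come from this page, while the function names, the comma-separated format of SUPER_ADMIN_EMAILS and the case-insensitive email match are assumptions. It also includes a drift check that lists admins whose email is no longer in the env var, since those accounts keep access until the flag is cleared.

```typescript
// Added illustration. Column names are from the page; everything else is assumed.
interface UserRow {
  email: string;
  is_super_admin: boolean;
  super_admin_bootstrapped_at: Date | null;
}

// Assumed env format: comma-separated emails, compared case-insensitively.
function parseAllowlist(envValue: string): string[] {
  return envValue
    .split(",")
    .map((e) => e.trim().toLowerCase())
    .filter((e) => e.length > 0);
}

// Models one user.created / user.updated delivery. Promotion happens only while
// super_admin_bootstrapped_at IS NULL, so a webhook replay never re-promotes.
function applyBootstrap(user: UserRow, envValue: string, now: Date): UserRow {
  const listed = parseAllowlist(envValue).indexOf(user.email.toLowerCase()) !== -1;
  if (!listed || user.super_admin_bootstrapped_at !== null) {
    return user; // not listed, or already bootstrapped: the flag is left untouched
  }
  return { ...user, is_super_admin: true, super_admin_bootstrapped_at: now };
}

// Manual revocation: UPDATE users SET is_super_admin = false.
// The bootstrap marker stays set, which is what makes the demote stick.
function demote(user: UserRow): UserRow {
  return { ...user, is_super_admin: false };
}

// Drift check: super-admins whose email is absent from the env var.
// Removing an email does not revoke access, so these rows need a manual demote.
function findUnlistedAdmins(users: UserRow[], envValue: string): string[] {
  const allow = parseAllowlist(envValue);
  return users
    .filter((u) => u.is_super_admin && allow.indexOf(u.email.toLowerCase()) === -1)
    .map((u) => u.email);
}
```

Running findUnlistedAdmins after every change to SUPER_ADMIN_EMAILS shows which accounts still need the in-UI toggle or the manual UPDATE.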
Accessing the panel
Just browse to app.givelink.ai/admin. No separate login.
Navigation
Sidebar: Users, Orgs, Audit Log. Top bar: current admin email + "Back to dashboard" link to return to the org-admin UI.
Users page tour
Columns: email, name, orgs (count), created, status (active / soft-deleted), super-admin flag. Search: email / firstName / lastName (ILIKE). Filters: status + super-admin-only. Pagination: 50 per page, cursor-based.
Click a row → user detail: identity panel, org memberships (linked), last 50 admin actions on this user, empty actions bar (populated in Spec C).
Orgs page tour
Columns: name, EIN, members, campaigns, payments, status, created. Search: name / EIN / website (ILIKE).
Badges:
orphaned — no members.
stuck onboarding — status='onboarding' AND createdAt older than 7 days.
soft-deleted — deletedAt IS NOT NULL (shown only when the status filter includes soft-deleted).
Click a row → org detail: identity, status (with onboarding progress checklist), members (linked), last 50 admin actions, empty actions bar.
Audit log page tour
Newest-first. Filters: admin user ID, action name, target user ID, target org ID, since date. 100 rows per page.
Each row shows: timestamp, admin email (snapshot — survives hard-delete),
action name (e.g. user.soft_delete), and the target (linked if
non-null, falls back to the snapshot email/name if the FK was cleared by
a hard-delete).
What you can't do from this panel (yet)
Spec B is read-only. Destructive actions (impersonate, reset onboarding, edit metadata, soft-delete, toggle super-admin, hard-delete) land in Admin Panel — Operations and Admin Panel — Hard Deletes.
Troubleshooting
"I got 404 on /admin" — either (a) your account isn't promoted, (b) you're currently impersonating someone (MF-J — actor sessions can't reach super-admin routes), or (c) your session is stale. Sign out and back in.
"My DB flag is true but /admin still 404s" — your Clerk session
cache may be stale. Sign out + back in. Or check whether auth().actor
is set in your session (shouldn't be unless you explicitly impersonated —
see Spec C docs for how to end impersonation).
"I see wrong data" — check the status filter. The default is
"active" which excludes deletedAt IS NOT NULL rows. Switch to "all" or
"soft-deleted" to see the full picture.